Description
ACL_TABLE_L3V6 table on Mellanox switches cant be created due to unsupported ETHERTYPE field.
Steps to reproduce the issue:
-
Configure section ACL_TABLE with type "L3V6" and section ACL_RULE with one rule.
Example:
{
"ACL_TABLE": {
"port29-v6-in": {
"policy_desc": "ingress v6 acl for port29",
"type": "L3V6",
"ports": ["Ethernet112"],
"stage": "ingress"
}
},
"ACL_RULE": {
"port29-v6-in|default": {
"PRIORITY": "1",
"SRC_IPV6": "0:0:0:0:0:0:0:0/0",
"PACKET_ACTION": "DROP"
}
}
}
-
Check logs from syncd and swss with keyword "ACL"
Describe the results you received:
Syncd and swss reports errors about ACL_TABLE creation failure:
INFO syncd#supervisord: syncd Jan 16 09:31:18 ERROR ACL: Failed calculating key blocks.
INFO swss#supervisord: orchagent what(): parse error - unexpected end of input
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST: 2:SAI_ACL_BIND_POINT_TYPE_PORT,SAI_ACL_BIND_POINT_TYPE_LAG
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_SRC_IPV6: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_DST_IPV6: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_CODE: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_TCP_FLAGS: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE: 2:SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE,SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_ACL_STAGE: SAI_ACL_STAGE_INGRESS
ERR syncd#syncd: :- processEvent: failed to execute api: create, key: SAI_OBJECT_TYPE_ACL_TABLE:oid:0x70000000005a7, status: SAI_STATUS_FAILURE
INFO syncd#supervisord: syncd Jan 16 09:31:18 ERROR SAI_ACL: mlnx_sai_acl.c[11234]- mlnx_create_acl_table: Failed to create flex key - Internal Error.
ERR syncd#syncd: :- syncd_main: Runtime error: :- processEvent: failed to execute api: create, key: SAI_OBJECT_TYPE_ACL_TABLE:oid:0x70000000005a7, status: SAI_STATUS_FAILURE
Describe the results you expected:
ACL IPv6 table should be created and populated with rules, no SAI errors should be generated.
Output of show version:
SONiC Software Version: SONiC.HEAD.129-0c9040de
Distribution: Debian 9.11
Kernel: 4.9.0-9-2-amd64
Build commit: 0c9040d
Build date: Thu Nov 21 12:50:41 UTC 2019
Built by: johnar@jenkins-worker-4
Platform: x86_64-mlnx_msn2700-r0
HwSKU: Mellanox-SN2700
ASIC: mellanox
Description
ACL_TABLE_L3V6 table on Mellanox switches cant be created due to unsupported ETHERTYPE field.
Steps to reproduce the issue:
Configure section ACL_TABLE with type "L3V6" and section ACL_RULE with one rule.
Example:
{
"ACL_TABLE": {
"port29-v6-in": {
"policy_desc": "ingress v6 acl for port29",
"type": "L3V6",
"ports": ["Ethernet112"],
"stage": "ingress"
}
},
"ACL_RULE": {
"port29-v6-in|default": {
"PRIORITY": "1",
"SRC_IPV6": "0:0:0:0:0:0:0:0/0",
"PACKET_ACTION": "DROP"
}
}
}
Check logs from syncd and swss with keyword "ACL"
Describe the results you received:
Syncd and swss reports errors about ACL_TABLE creation failure:
INFO syncd#supervisord: syncd Jan 16 09:31:18 ERROR ACL: Failed calculating key blocks.
INFO swss#supervisord: orchagent what(): parse error - unexpected end of input
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST: 2:SAI_ACL_BIND_POINT_TYPE_PORT,SAI_ACL_BIND_POINT_TYPE_LAG
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_SRC_IPV6: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_DST_IPV6: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_CODE: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_TCP_FLAGS: true
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE: 2:SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE,SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE
ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_ACL_STAGE: SAI_ACL_STAGE_INGRESS
ERR syncd#syncd: :- processEvent: failed to execute api: create, key: SAI_OBJECT_TYPE_ACL_TABLE:oid:0x70000000005a7, status: SAI_STATUS_FAILURE
INFO syncd#supervisord: syncd Jan 16 09:31:18 ERROR SAI_ACL: mlnx_sai_acl.c[11234]- mlnx_create_acl_table: Failed to create flex key - Internal Error.
ERR syncd#syncd: :- syncd_main: Runtime error: :- processEvent: failed to execute api: create, key: SAI_OBJECT_TYPE_ACL_TABLE:oid:0x70000000005a7, status: SAI_STATUS_FAILURE
Describe the results you expected:
ACL IPv6 table should be created and populated with rules, no SAI errors should be generated.
Output of
show version:SONiC Software Version: SONiC.HEAD.129-0c9040de
Distribution: Debian 9.11
Kernel: 4.9.0-9-2-amd64
Build commit: 0c9040d
Build date: Thu Nov 21 12:50:41 UTC 2019
Built by: johnar@jenkins-worker-4
Platform: x86_64-mlnx_msn2700-r0
HwSKU: Mellanox-SN2700
ASIC: mellanox